May Threat Advisory – Top 5

by Eleanor Barlow • May 2022

SecurityHQ’s Monthly Threat Report, Drawn from Recent Advisories of May 2022.

Credit to SecurityHQ team members: Devendra Bendre, Harsh Gajbhiya, Mandeep Sheoran, Geethu Krishna G.

F5 Released Patch for Critical Remote Code Execution Vulnerability in BIG-IP

Threat Reference: Global

Risks: System Takeover, Arbitrary System Command Execution 

Advisory Type: Updates/Patches

Priority: Standard

F5 has patched a critical remote code execution vulnerability (CVSS score 9.8) in the iControl REST component of BIG-IP. It allows an unauthenticated attacker with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP by sending undisclosed requests that bypass iControl REST authentication.

Recommendation

  • It is recommended to update BIG-IP to the latest fixed versions.

Apple Patched Zero-day Vulnerabilities Along with Multiple Other Vulnerabilities Affecting Apple Devices

Threat Reference: Global

Risks: Arbitrary Code Execution

Advisory Type: Updates/Patches

Priority: Elevated

Apple released a security update to fix an actively exploited zero-day vulnerability, along with multiple other vulnerabilities, in Apple devices. The vulnerability exists due to an error within the AppleAVD subsystem. Successful exploitation of these vulnerabilities could lead to arbitrary code execution on the targeted devices with kernel-level privileges.

Recommendation

  • It is recommended to update Apple devices to their latest available version/patches.

VMware Fixed Critical Vulnerabilities in Multiple Products

Threat Reference: Global

Risks: Privilege Escalation

Advisory Type: Advisory/Patches

Priority: Standard

VMware has released updates to fix a critical and an important vulnerability in various VMware products.

Recommendation

  • It is recommended to update the affected VMware products to the latest fixed versions.

Critical and High Vulnerabilities Fixed in Jupiter Theme and JupiterX Core WordPress Plugin

Threat Reference: Global

Risks: Privilege Escalation (Broken Access Control), Local File Inclusion (LFI)

Advisory Type: Updates/Patches

Priority: Standard

Security researchers discovered a critical privilege escalation vulnerability, as well as authenticated path traversal and local file inclusion vulnerabilities, in the Jupiter Theme and JupiterX Core WordPress plugin.

Recommendation

  • It is recommended to update the affected software to the latest available version (Jupiter Theme 6.10.2 and JupiterX Core Plugin 2.0.8).

SonicWall Patched High Severity Unauthenticated Access Control Bypass Vulnerability in SMA 1000 Series

Threat Reference: Global

Risks: Improper Access Control vulnerability

Advisory Type: Updates/Patches

Priority: Standard

SonicWall released a security update to patch the unauthenticated access control bypass vulnerability with a CVSS score of 8.2 (High) and other vulnerabilities in the SMA 1000 Series. Successful exploitation of the vulnerability can allow an unauthenticated attacker to bypass access control and gain access to an organization’s internal resources.

Recommendation

  • It is recommended to update SonicWall SMA 1000 Series firmware to the latest available version/patch.
